You Asked for It!

I just read an article about health insurance websites in California entitled “State-run healthcare websites aren’t as secure as you’d think”. This is a typical scenario where website owners or companies are just asking for it. Here is an extract from the article.

We just attempted to apply for YCF on HackerNews yesterday and one of their users asked us a typical question.

Is bot traffic a nuisance or actually a problem?

We gave a quick response on HackerNews, but I think there is more to this question than what we listed there. Granted, most people are ignorant of the implications of bot traffic activity. We have come to understand (and are still in the process of figuring it out) that there is perhaps a strong correlation between bot traffic activity and website hacking incidents. We are curious about this because our machine learning service has been picking up hacked websites recently and we are studying the data to find out what happened. The eventual question that we hope to answer is this:

Can hacking of a website be predicted and therefore prevented?

This is a tough question to answer, and it needs a lot of work, data and analysis before we can attempt to quantify the bot traffic problem. The interesting part would be the application that will come out of this research work. The assumption here is that hackers don’t know about their potential victims and need to probe and do intelligence gathering. This process will inevitably leave digital trails that can perhaps be identified early and prevented, rather than the current clean-up-the-mess approach.

The sad part about trying to research and work on this bot traffic problem is that NO one seems to care! People seem to be interested only in fighting the fire rather than preventing a fire from happening. As an example, I am sure the health insurance companies in California think that it is no big deal until they get hacked and customer information gets exposed or sold. The painful part in this type of incident is that the customer information contains a lot of private data about the individuals that can be used for criminal purposes.

How many of you reading this article use your birthday, social insurance number or identity card details to verify account modification requests on the phone with staff from the service companies that you purchased from? I am sure tons of us would answer “Yes” to that. How many of you use this same information as part of your password on important accounts like banks and ATMs? If you said “Yes”, then that stolen data has just granted the criminals entry into your bank account, home, phone service, etc.

Nonetheless, I really hope that what I am doing with MalleableByte will make a difference. Perhaps even change the reactive approach that our security industry is built on into a proactive one.

Help us by adopting MB™ on your website. You will be helping to automatically contribute data for the future of spam traffic prevention. And who knows what this work on spam traffic will help us solve tomorrow. ;)